Description
The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.
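The ordering problem described above, as an added example; it is not OpenSSL's code. The names (hs_buf, hs_grow, hs_prepare_*) and the 16384-byte cap are assumptions made for illustration. It relies only on the standard TLS handshake header layout of a 1-byte type followed by a 3-byte length.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define HS_HDR_LEN 4        /* TLS handshake header: 1-byte type + 3-byte length */
#define MAX_MSG_LEN 16384   /* assumed per-message cap for this example */

struct hs_buf { uint8_t *data; size_t cap; };   /* hypothetical receive buffer */

/* Decode the 24-bit big-endian body length from a handshake header. */
static size_t hs_declared_len(const uint8_t hdr[HS_HDR_LEN])
{
    return ((size_t)hdr[1] << 16) | ((size_t)hdr[2] << 8) | hdr[3];
}

/* Grow the buffer so it can hold `need` bytes. Returns 0 on success. */
static int hs_grow(struct hs_buf *b, size_t need)
{
    if (need <= b->cap) return 0;
    uint8_t *p = realloc(b->data, need);
    if (p == NULL) return -1;
    b->data = p;
    b->cap = need;
    return 0;
}

/* Flawed order: buffer sized from the peer-supplied length, limit checked after. */
int hs_prepare_alloc_first(struct hs_buf *b, const uint8_t hdr[HS_HDR_LEN])
{
    size_t len = hs_declared_len(hdr);
    if (hs_grow(b, HS_HDR_LEN + len) != 0) return -1;
    return (len > MAX_MSG_LEN) ? -1 : 0;   /* too late: memory already committed */
}

/* Corrected order: reject an excessive length before any allocation. */
int hs_prepare_check_first(struct hs_buf *b, const uint8_t hdr[HS_HDR_LEN])
{
    size_t len = hs_declared_len(hdr);
    if (len > MAX_MSG_LEN) return -1;
    return hs_grow(b, HS_HDR_LEN + len);
}

int main(void)
{
    const uint8_t hdr[HS_HDR_LEN] = {0x0b, 0xff, 0xff, 0xff};   /* constructed header */
    struct hs_buf a = {NULL, 0}, b = {NULL, 0};
    int r1 = hs_prepare_alloc_first(&a, hdr), r2 = hs_prepare_check_first(&b, hdr);
    printf("alloc-first: rc=%d buffer=%zu\ncheck-first: rc=%d buffer=%zu\n", r1, a.cap, r2, b.cap);
    free(a.data); free(b.data);
    return 0;
}
```

Both variants reject the message, but only the check-first variant leaves the connection's buffer untouched; with the flawed order the cost is paid per connection before the rejection happens.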
Remediation
References